Upcoming CMMC Event! Join Kansas APEX and Kansas IT Professionals in a discussion of compliance with Defense Cybersecurity requirements. CMMC compliance is crucial for companies in the defense supply chain as prime or subcontractors. This virtual discussion will provide valuable insights into the requirements and best practices for achieving compliance. Kansas IT professionals will include: John Shamasko, Lead CMMC Assessor & Authorizing Official for The CMMC Team; Tariq Azmi of Ember Technology; JD Zluticky of Essential It Services, Inc. Registration link in comments.
About us
Ember Technology is a Registered Practitioner Organization (RPO), authorized by the Cyber AB to provide consulting services to government contractors and other companies in preparation for their CMMC assessments. Our Certified CMMC Professional (CCP) and Registered Practitioners (RPs) have the expertise to help you navigate the regulations and processes to prepare, maintain, and improve your regulatory compliance.
- Website
- https://www.embertechnology.com/
- Industry
- IT Services and IT Consulting
- Company size
- 11-50 employees
- Headquarters
- Wichita, Kansas
- Type
- Privately held
- Founded
- 2018
- Specialties
- Information Technology, Healthcare - HIPAA compliance, US Based Operations, DIB, CMMC, NIST, and DFARS
Locations
-
Primary
1815 E Central
US, Kansas, Wichita, 67214
Employees at Ember Technology
Updates
-
CMMC Midwest Conference coming up May 1 & 2. Looking forward to it!
Calling all potential sponsors! Be part of the Conference and get your brand and message out to the regional (and beyond!) DIB and CMMC community. TARIQ A. is happy to answer any questions. Please note: not all slots shown below are still available, they are filling up fast!
-
-
Registration is now open! Visit https://lnkd.in/gKVM98tb and check out who is speaking, the workshops, and all the great things planned for the conference this year. Register early for the best deal on tickets!
-
As we continue the series of "Where do I start my CMMC Compliance?" POAM plays a critical role on your journey to compliance. A solid Plan of Action & Milestones (POAM) is your roadmap to remediation. It's not just a checklist; it's a strategic document that outlines how you'll address vulnerabilities and strengthen your security posture. A well-crafted POAM demonstrates commitment to security and provides a clear path forward. Here are a few tips on building an effective POAM:

Prioritize: After your GAP Assessment, prioritize your GAP, understand your vulnerabilities. Don't try to fix everything at once. Focus on the most critical risks first.

Define Clear Objectives: For each vulnerability, define specific, measurable, achievable, relevant, and time-bound (SMART) objectives. What exactly needs to be done? By when? Who is responsible?

Outline Actionable Steps: Break down each objective into smaller, manageable tasks. This makes the remediation process less daunting and ensures progress is trackable. Include details like specific tools, resources, and personnel required.

Establish Realistic Timelines: Don't rush the process. Set realistic timelines for each task, considering resource constraints and dependencies. Regularly review and adjust timelines as needed.

Assign Responsibilities: Clearly define who is responsible for each task. This ensures accountability and prevents tasks from falling through the cracks.

Track Progress and Document Everything: Use a system to track progress against your milestones. Document all activities, including remediation steps taken, test results, and any changes to the POAM. This documentation is crucial for audits and demonstrating compliance.

Regularly Review and Update: Your POAM is a living document. Regularly review and update it to reflect changes in the environment, new vulnerabilities discovered, and progress made. Don't let it become stale.

A well-maintained POAM is a powerful tool for managing cybersecurity risk. It helps you stay organized, prioritize your efforts, and demonstrate your commitment to security and meeting compliances. #CMMC #NIST800 #POAM
-
-
As we continue the series on "Where do I start my compliance journey?" Step 3: "Understand the CMMC requirements". Review your contracts, understand what you're storing, processing and transferring. After you understand what you have in your environment:

1. Identify all systems and locations where CUI might reside: This includes servers, workstations, laptops, mobile devices, cloud storage, and any other potential repositories.
2. Categorize the types of CUI: Determine the specific categories of CUI you handle (e.g., personal data, financial data, intellectual property, etc.).
3. Assess the sensitivity of each CUI type: Determine the level of risk associated with each type of CUI.

This should help you understand which level of CMMC applies to your organization. If you have CUI or CTI, an organization can proceed with working towards the level-2 requirements. DM me if you need assistance or need further clarifications. #CUI #Compliance #CMMC #DFARS
-
-
Something to consider, whether you're bound by CMMC or not.
Cybersecurity & National Security Leader | Speaker | Advisor | Former Director, Cybersecurity & Infrastructure Security Agency
What the heck is an "edge device" and why should businesses care about them? ICYMI: Last week, cybersecurity agencies around the world, including the U.S. Cybersecurity and Infrastructure Security Agency, published an important set of guidance around the protection of so-called edge devices: https://lnkd.in/eneqajBz. TLDR:

1. WHAT ARE THEY? An edge device is a piece of hardware that sits at the periphery (or "edge") of a network and serves as a gateway between a local network and the broader internet or cloud infrastructure. They include routers, switches, firewalls, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers, and internet-facing operational technology (OT) systems. In sum--if you run a network, you likely have a lot of edge devices in your infrastructure.

2. WHY SHOULD YOU CARE ABOUT THEM? Edge devices can enhance operations but they also increase what's known as the attack surface or the number of potential entry points for cyber threats. Moreover, because many of these devices were not built with security as a top priority, attackers--including PRC cyber threat actors--have effectively leveraged them to exploit multiple business sectors: https://lnkd.in/erUed62u.

3. WHAT CAN BUSINESSES DO TO MITIGATE THE RISK OF INSECURE EDGE DEVICES? Check out these great resources here: https://lnkd.in/eneqajBz.

4. IF YOU'RE AN EDGE DEVICE MANUFACTURER, YOU CAN BE PART OF THE SOLUTION by joining the Secure-By-Design Revolution: https://lnkd.in/eF9_Nn5Y.
-
-
Cont... "Where do I start my compliance journey?" Conduct a GAP Analysis.

What is a GAP Analysis: A GAP Analysis is a process that helps you assess the difference between your current state and your desired state. It provides a clear roadmap for identifying the gaps in your operations, processes, or strategies, and helps you take action to bridge those gaps.

Perform a thorough assessment of your current cybersecurity posture. Identify any gaps between your existing practices and the CMMC requirements. This will help you understand where improvements are needed. DM me if you have questions or need clarification. #GAPAnalysis #Cybersecurity #CMMC #RiskManagement
-
-
-
"Invaluable lesson learned: Understand CUI in Your Environment"

Early in my consulting career, I worked with a DIB client to conduct a GAP Analysis for what was then CMMC Level 3 (CMMC 1.0), now Level 2. We started with the typical client interviews, discussing their RFP processes, the handling of technical information (CTI), and ultimately, the management of Controlled Unclassified Information (CUI).

Mid-way through the GAP Analysis, the Quality Assurance (QA) person informed me they also stored CUI within their Enterprise Resource Planning (ERP) system. This was a significant revelation!

The positive outcome was that we discovered additional locations where CUI was stored during our assessment. If I hadn't had that conversation, my GAP Analysis, Plan of Action & Milestones (POAM), and implementation strategy would have been inaccurate and incomplete.

We successfully identified hidden data stores, understood the risks associated with each stage of the CUI lifecycle within their environment, and were finally able to conduct a meaningful and comprehensive gap analysis.

Invaluable lesson learned: Understanding the lifecycle of CUI within an organization is absolutely critical for effective data security. DM me if you have any questions or need further clarification. #CUI #DataSecurity #Cybersecurity #GapAnalysis #DataLifecycle #InformationSecurity
-